In general, the Process Portal and the Client use the same user rights. In the beginning, users have no rights in the FireStart System so they can't see any Models or Workflows and you have to permit access to specific Processes or Scopes. These permissions are based on the Active Directory's hierarchic system, where you can assign rights to single users or Active Directory groups.
- Workflows cannot be authorized separately, they always inherit the permissions of the specific Model.
- Denial is always stronger than permissions. For example, user Scope A is permitted and at the same time, the sub-Scope B (parent Scope is A) is denied. This means that the user can view all Models of Scope A but not those from sub-Scope B.
- Tasks do not have to be permitted separately, nevertheless, a user can participate in a Workflow without having permissions to this Process.
Types of Permissions
The permissions to be granted are reading and writing. With reading, the user can take a look at the Models but may not change or create them. Writing means you are allowed to create and modify Models, which also means that writing implicates the right for reading.
Set User Permissions
Only as FireStart administration you are allowed to enter the configuration menu in order to manage user permissions.
You can find the Permissions Settings in Menu - Preferences, and there you choose Permissions.
The following User information is displayed:
- Image
- Name
- Login Name
- Permissions
Now you have to click Add so that the dialog for creating a user permission opens. If a user already has permissions, you can open the dialog by clicking the Pen.
After that, you switch to the Permissions tab, and with a click on Scope Allow Permission, you can choose which Scope you want to permit the user to.
💡 | Hint! Please note that the Scopes are split by the designers. If you have Scopes with the same name, be careful to choose the Scope within the intended designer. |
With a click on the OK Button, the wizard closes and you have an entry in Permissions. The default permission is Read Published, but with a click on the entry, you can modify the default value. Permission levels and optional permissions can be selected to your likes in the pop-up. The buttons Apply Permissions (Name + Level) and Apply Permissions (Name) can be used to set the current permissions to other areas with the same name and/or level. On hovering the mouse over those buttons, a more detailed description pops up.
After you finish, click Apply to save changes and then Close the dialog.
The permission entry has been made. But with a double-click, the granted permissions can be changed at any time. The moment the permission is displayed, the user gains the right for writing.